On Wed, 23 Feb 2005, Jesse Guardiani wrote:
> tcpdump 'not ( host shannon and port 22 ) and not host 192.168.1.193 and not port syslog and not port domain and not snmp and not port 3632'
>
> And here's the only thing I could find that looked relevant:
>
> 04:22:30.959889 IP 192.168.10.2.2048 > 192.168.10.1.2048: UDP, length: 120
> 04:22:30.961323 IP 192.168.10.1.2048 > 192.168.10.2.2048: UDP, length: 140
> 04:22:32.791481 IP 192.168.10.1 > 192.168.10.2: gre-proto-0x883e
> 04:22:35.790420 IP 192.168.10.1 > 192.168.10.2: gre-proto-0x883e
> 04:22:40.954870 IP 192.168.10.2.2048 > 192.168.10.1.2048: UDP, length: 120
> 04:22:40.956378 IP 192.168.10.1.2048 > 192.168.10.2.2048: UDP, length: 140
> 04:22:41.790316 IP 192.168.10.1 > 192.168.10.2: gre-proto-0x883e
> 04:22:51.932636 IP 192.168.10.2.2048 > 192.168.10.1.2048: UDP, length: 120
> 04:22:51.934544 IP 192.168.10.1.2048 > 192.168.10.2.2048: UDP, length: 140
>
> 192.168.10.1 is my Cisco router's LAN address.
> Does the above mean anything to anyone?
Yes.
The UDP packets are the WCCP control channel.
The gre 0x883e packets are the WCCP redirected packets.
You may need the "-i any" argument to tcpdump to see the complete picture,
however.
Regards
Henrik
Received on Wed Feb 23 2005 - 15:16:50 MST
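
Added example, not part of the original message or of Squid: a small Python classifier that applies the reading given in the reply (UDP port 2048 is the WCCP control channel, GRE protocol 0x883e carries the redirected packets) to the capture lines quoted above and counts each kind per direction. The function names and regular expressions are assumptions of this example and match only the tcpdump text format shown in the post.

```python
import re
from collections import Counter

# Capture lines copied from the quoted message above.
CAPTURE = """\
04:22:30.959889 IP 192.168.10.2.2048 > 192.168.10.1.2048: UDP, length: 120
04:22:30.961323 IP 192.168.10.1.2048 > 192.168.10.2.2048: UDP, length: 140
04:22:32.791481 IP 192.168.10.1 > 192.168.10.2: gre-proto-0x883e
04:22:35.790420 IP 192.168.10.1 > 192.168.10.2: gre-proto-0x883e
04:22:40.954870 IP 192.168.10.2.2048 > 192.168.10.1.2048: UDP, length: 120
04:22:40.956378 IP 192.168.10.1.2048 > 192.168.10.2.2048: UDP, length: 140
04:22:41.790316 IP 192.168.10.1 > 192.168.10.2: gre-proto-0x883e
04:22:51.932636 IP 192.168.10.2.2048 > 192.168.10.1.2048: UDP, length: 120
04:22:51.934544 IP 192.168.10.1.2048 > 192.168.10.2.2048: UDP, length: 140
"""

WCCP_UDP_PORT = "2048"    # WCCP control channel
WCCP_GRE_PROTO = 0x883E   # GRE protocol type of WCCP redirected packets

# Hypothetical patterns for the tcpdump text format seen in the post.
LINE = re.compile(r"^(\S+) IP (\S+) > (\S+): (.*)$")
ADDR = re.compile(r"^(\d+\.\d+\.\d+\.\d+)(?:\.(\d+))?$")
GRE = re.compile(r"gre-proto-0x([0-9a-fA-F]+)")

def classify(line):
    """Return (kind, src_ip, dst_ip) for WCCP traffic, else None."""
    m = LINE.match(line.strip())
    if not m:
        return None
    src, dst, rest = ADDR.match(m.group(2)), ADDR.match(m.group(3)), m.group(4)
    if not src or not dst:
        return None
    gre = GRE.match(rest)
    if gre and int(gre.group(1), 16) == WCCP_GRE_PROTO:
        return ("redirect", src.group(1), dst.group(1))
    if rest.startswith("UDP") and WCCP_UDP_PORT in (src.group(2), dst.group(2)):
        return ("control", src.group(1), dst.group(1))
    return None

def summarize(text):
    """Count WCCP control and redirect packets per (kind, src, dst)."""
    hits = (classify(line) for line in text.splitlines())
    return Counter(hit for hit in hits if hit)

if __name__ == "__main__":
    for (kind, src, dst), n in sorted(summarize(CAPTURE).items()):
        print(f"{kind:8} {src} -> {dst}: {n}")
```

On the quoted capture this shows control messages in both directions and redirected GRE packets only from 192.168.10.1, the router's LAN address, towards 192.168.10.2.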